Security Concerns with Mobile Apps

Recently, at Ars Technica, there was an article on the data that the Pandora app for Android sends to Pandora and its advertisers.  It links to a WSJ article on a federal investigation about the privacy issues.

Collecting this information the whole point of many of these apps.  Many of these sites that put out apps for the mobile platforms don’t put out mobile compatible web sites.  (For example, IMDB has apps available for multiple platforms, but I don’t think it has a mobile site.)  As a counter example, WordPress automatically generates mobile versions of its blogs.  Many web sites have mobile versions of their sites in lieu of or in addition to apps.

So why don’t they just make mobile compatible web sties?  Then they wouldn’t be able to collect the data.

These apps try to get your exact GPS location for either advertising or location-based services.  The vast majority of these services could be accomplished with less intrusive methods, such as asking for a local city or zip code.

The privacy policies of many of these companies are often buried in their terms of service—which few users actually bother to read.  Policing adherence to these policies has been nonexistent up to this point.  This federal investigation and its results should be interesting.

I think we’re only at the tip of the iceberg of the privacy backlash against these mobile apps.

Posted in Security Tagged with: , , ,